RSS   Vulnerabilities for 'Assuweb'   RSS

2021-01-28
 
CVE-2021-3160

CWE-502
 

 
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.

 


Copyright 2021, cxsecurity.com

 

Back to Top